Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in 
the application. 

Listing of Claims: 

1. (currently amended) A method of secure session management for a web farm, the 
web farm including a first server and a second server, the second server having a 
requested web page, the method comprising: 

receiving, at the first server, a request for the requested web page from a 
browser, said request including an encrypted session token associated with a 
session; 

decrypting, at the first server, said encrypted session token at the first server to 
obtain a session ID and a timestamp; 

transmitting, at the first server, a redirect message [[to said browser, thereby 
redirecting]] said redirect message prompting transmission of said request to the 
second server; 

in conjunction with said transmitting said redirect message, transmitting, at the 
first server, said session ID and said timestamp directly to the second server; 

receiving, at the second server, said request; 

receiving, at the second server, said session ID and said timestamp from said 
first server; and 

verifying said session under control of said second server. 

2. (previously presented) The method claimed in claim 1, further including creating a 
new session token, encrypting said new session token at the second server to produce 
a new encrypted session token, and transmitting a response to said browser from the 
second server, wherein said response includes said new encrypted session token. 

3. (previously presented) The method claimed in claim 2, wherein said creating a new 
session token includes generating a new session ID and updating said timestamp. 

4. (previously presented) The method claimed in claim 2, further including updating a 
common session database by replacing said session ID and said timestamp with said 
new session token in said common session database. 

5. (cancelled) 

6. (previously presented) The method claimed in claim 1, wherein a common session 
database contains a stored session ID and a stored timestamp, and wherein said 
verifying includes comparing said session ID and said timestamp with said stored 
session ID and said stored timestamp. 

7. (previously presented) The method claimed in claim 1, further including determining 
whether said session has timed out, said step of determining including determining an 
elapsed time between said timestamp and a current server time, and comparing said 
elapsed time with a predetermined maximum time to determine whether said session 
has timed out. 

8. (previously presented) The method claimed in claim 7, including closing said session 
if said session has timed out. 

9. (previously presented) The method claimed in claim 1, wherein said transmitting 
includes incorporating said session ID and said timestamp into a URL. 

10. (previously presented) The method claimed in claim 1, wherein a session 
management web service performs said verifying, said session management web 
service being accessible to said first server and said second server, and wherein said 
verifying includes comparing said session ID and said timestamp with stored session 
data. 

11. (Original) The method claimed in claim 10, wherein the web farm further includes a 
common session database containing said stored session data. 

12. (Original) The method claimed in claim 1, wherein said requested web page 
includes a web resource selected from the group including an applet, an HTML page, a 
Java server page, and an Active server page. 

13. (currently amended) A system for secure session management, the system being 
coupled to a network and receiving a request for a requested web page from a browser 
via the network, the request including an encrypted session token, the system 
comprising: 

a first server including a first request handler for: 
receiving the request; and 

decrypting the encrypted session token to produce a session ID and a 
timestamp; 

a second server including the requested web page; 

a common session database including stored session data; and 

a session management web service, accessible to said first server and said 
second server and including a validation component for comparing said session 
ID and said timestamp with said stored session data; 

said first request handler adapted to: 

transmit a redirect message [[to said browser, thereby redirecting]] the 
redirect message prompting transmission of said request to said second 
server; and 

transmit the session ID and said timestamp directly to said second server. 

14. (Original) The system claimed in claim 13, wherein said session management web 
service includes a token generator for creating a new session token for said second 
server, and wherein said second server includes a second request handler, said second 
request handler encrypting said new session token to produce a new encrypted session 
token and transmitting a response to said browser, wherein said response includes said 
new encrypted session token. 

15. (previously presented) The system claimed in claim 14, wherein said token 
generator generates a new session ID, and updates said timestamp based upon a 
current server time. 

16. (previously presented) The system claimed in claim 14, wherein said session 
management web service replaces said session ID and said timestamp within said 
common session database with said new session token. 

17. (cancelled) 

18. (previously presented) The system claimed in claim 14, wherein said stored session 
data includes a stored session ID and a stored timestamp, and wherein said validation 
component compares said session ID and said timestamp with said stored session ID 
and said stored timestamp. 

19. (previously presented) The system claimed in claim 14, wherein said validation 
component further determines an elapsed time between said timestamp and a current 
server time, and compares said elapsed time with a predetermined maximum time to 
determine whether a session has timed out. 

20. (Original) The system claimed in claim 19, wherein said session management web 
service closes said session if said validation component indicates said session has 
timed out. 

21. (previously presented) The system claimed in claim 13, wherein said first request 
handler incorporates said session ID and said timestamp into a URL in order to transmit 
said session token to said second server. 

22. (Original) The system claimed in claim 13, wherein the requested web page 
includes a web resource selected from the group including an applet, an HTML page, a 
Java server page, and an Active server page. 

23. (currently amended) A computer program product having a computer-readable 
medium tangibly embodying computer executable instructions for secure session 
management for a web farm, the web farm including a first server and a second server, 
the second server having a requested web page, the computer executable instructions 
including: 

computer executable instructions for receiving, at the first server, a request for 
the requested web page from a browser, said request including an encrypted 
session token associated with a session; 



computer executable instructions for decrypting, at the first server, said 
encrypted session token at the first server to obtain a session ID and said 
timestamp; 

computer executable instructions for transmitting, at the first server, a redirect 
message [[to said browser, thereby redirecting]] said redirect message prompting 
transmission of said request to the second server; 

computer executable instructions for transmitting, at the first server, said session 
ID and said timestamp directly to the second server; 

computer executable instructions for receiving, at the second server, said 
request; 

computer executable instructions for receiving, at the second server, said 
session ID and said timestamp from said first server; and 

computer executable instructions for verifying said session. 

24. (Original) The computer program product claimed in claim 23, further including 
computer executable instructions for creating a new session token, encrypting said new 
session token at the second server to produce a new encrypted session token, and 
transmitting a response to said browser from the second server, wherein said response 
includes said new encrypted session token. 

25. (previously presented) The computer program product claimed in claim 24, wherein 
said computer executable instructions for creating a new session token include 
computer executable instructions for generating a new session ID and updating said 
timestamp. 

26. (previously presented) The computer program product claimed in claim 24, further 
including computer executable instructions for updating a common session database by 
replacing said session ID and said timestamp with said new session token in said 
common session database. 

27. (cancelled) 




Serial No. 10/733,326 
Voluntary Amendment 

28. (previously presented) The computer program product claimed in claim 23, wherein 
a common session database contains a stored session ID and a stored timestamp, and 
wherein said computer executable instructions for verifying include computer 
executable instructions for comparing said session ID and said timestamp with said 
stored session ID and said stored timestamp. 

29. (previously presented) The computer program product claimed in claim 23, further 
including computer executable instructions for determining whether said session has 
timed out, said computer executable instructions for determining including computer 
executable instructions for determining an elapsed time between said timestamp and a 
current server time, and comparing said elapsed time with a predetermined maximum 
time to determine whether said session has timed out. 

30. (Original) The computer program product claimed in claim 29, including computer 
executable instructions for closing said session if said session has timed out. 

31. (previously presented) The computer program product claimed in claim 23, wherein 
said computer executable instructions for transmitting include computer executable 
instructions for incorporating said session ID and said timestamp into a URL. 

32. (previously presented) The computer program product claimed in claim 23, wherein 
said computer executable instructions for verifying comprise a session management 
web service, said session management web service being accessible to said first server 
and said second server, and wherein said computer executable instructions for verifying 
include computer executable instructions for comparing said session ID and said 
timestamp with stored session data. 

33. (Original) The computer program product claimed in claim 32, wherein the web farm 
further includes a common session database containing said stored session data. 

34. (Original) The computer program product claimed in claim 23, wherein said 
requested web page includes a web resource selected from the group including 
applet, an HTML page, a Java server page, and an Active server page. 
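
An added illustration, not part of the application or its claims, of the second-server steps recited in claims 2 to 4 and 6 to 8 (compare with stored data, timeout check, replacement of the stored pair), sketched in Python. The class and function names, the per-user dictionary standing in for the common session database, and the 900-second maximum are assumptions; token encryption and the redirect are left out.

```python
import hmac
import secrets

MAX_IDLE_SECONDS = 900  # assumed value for the "predetermined maximum time"


class SessionService:
    """Hypothetical stand-in for the session management web service."""

    def __init__(self):
        # Stand-in for the common session database: user -> (session ID, timestamp)
        self.db = {}

    def open_session(self, user, now):
        sid = secrets.token_urlsafe(16)
        self.db[user] = (sid, now)
        return sid, now

    def verify_and_rotate(self, user, sid, ts, now):
        """Return a new (session ID, timestamp), or None if verification fails."""
        stored = self.db.get(user)
        if stored is None:
            return None
        stored_sid, stored_ts = stored
        # Claim 6: compare the received ID and timestamp with the stored pair.
        same_id = hmac.compare_digest(sid.encode(), stored_sid.encode())
        if not same_id or ts != stored_ts:
            return None
        # Claims 7 and 8: elapsed time against the maximum; close on timeout.
        if now - ts > MAX_IDLE_SECONDS:
            del self.db[user]
            return None
        # Claims 2 to 4: new session ID, updated timestamp, stored pair replaced.
        new = (secrets.token_urlsafe(16), now)
        self.db[user] = new
        return new


def demo():
    # Constructed timeline (seconds): open, valid request, replay, late request.
    svc = SessionService()
    sid, ts = svc.open_session("alice", now=1000)
    fresh = svc.verify_and_rotate("alice", sid, ts, now=1060)      # accepted
    replay = svc.verify_and_rotate("alice", sid, ts, now=1070)     # old pair rejected
    late = svc.verify_and_rotate("alice", *fresh, now=1060 + 901)  # timed out
    return fresh is not None, replay, late, "alice" in svc.db
```

Because the stored pair is replaced on every verified request, a captured session ID and timestamp stop matching as soon as the legitimate browser makes its next request.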



